Re: [exim] deny non-encrypted client connections (smarthost)

Author: Neustadt
Date:  
To: exim-users
Subject: Re: [exim] deny non-encrypted client connections (smarthost)


On 23.08.2013 14:07, Neustadt wrote:
> On 23.08.2013 13:31, Ian Eiloart wrote:
>>
>> On 22 Aug 2013, at 22:01, Neustadt <neustadt@???>
>> wrote:
>>
>>> I would like to know if there is a way to deny non encrypted
>>> connections when exim connects as a client to a smtp-relay/smarthost.
>>
>> As others have said, hosts_require_TLS = * will do this. However, that
>> may leave you unable to connect to many hosts. Messages for any host
>> that does not advertise STARTTLS will not be delivered.
>>
>> You may be OK with that, but it's also worth knowing that Exim will,
>> by default, use TLS if it's advertised. However, if the TLS setup
>> doesn't work, then Exim will fall back to unencrypted delivery. You
>> can prevent that fallback by setting tls_tempfail_tryclear to true: if
>> the recipient's MX servers *all* advertise STARTTLS, then you'll get
>> an encrypted delivery (if the TLS is working on one of the hosts) or
>> none at all.
>>
>
> Hi,
>
> I didn't understand this part of yours:
>
> > if the recipient's MX servers *all* advertise STARTTLS, then you'll
> > get an encrypted delivery (if the TLS is working on one of the hosts)
> > or none at all.
>
> especially what you wrote in brackets. Are you saying I can ensure that
> mails get encrypted through all passing relays until they can reach
> their destination with tls_tempfail_tryclear?
>
> Otherwise I don't see any difference to using hosts_require_TLS =
> MY.SMTP.RELAY
>
> By the way. Is there a way to create own variables that can be used
> across different exim config files?
> Would be neat to not have my smtp relays specified twice, once in
> exim4.conf.template and once in update-exim4.conf.conf
>
> Regards
> Adrian
>



Would anyone else know what he meant?